Documentation Index

Fetch the complete documentation index at: https://docs.darwinium.com/llms.txt

Use this file to discover all available pages before exploring further.

Establishing SSO

Prev Next

It is highly encouraged to establish Single Sign-On to the Darwinium Portal. It permits authentication to the Darwinium Portal to be performed by your existing Identity Access Management provider.

We offer support for both OIDC (OAuth2.0) and SAMLv2; SAMLv2 may be preferred due to its simplicity and wider support.

Please note that different IdPs may require slightly different configuration formats and may not exactly match what is on this guide. We will be able to provide exact guidance on integrations with Okta, Google and Azure IdPs, but will also be willing to work with you to configure any new integrations that support our offered protocols.

Self-serve SAMLv2 Setup Instructions

Self-serve SSO

SSO configuration is now self-serve in Portal under Your Name (top right) > SSO Config

Go to Name (top right) > SSO config > Add Identity provider and follow inline instructions.

(Legacy) SAMLv2 Setup Instructions

Step 1: Gather Required Information

You will need the following information to configure your Identity Provider (IdP):

  • Single Sign-On URL/ACS URL:
https://auth.darwinium.com/auth/realms/dwn-jump/broker/<your_domain>/endpoint
  • Audience URI:
https://auth.darwinium.com/auth/realms/dwn-jump/broker/<your_domain>/endpoint
  • SAML metadata endpoint:
https://auth.darwinium.com/auth/realms/dwn-jump/broker/<your_domain>/endpoint/descriptor
  • NameId Format: email

  • NameId Value: email

  • SAML attributes to map: firstName, lastName, email

  • NameID Principal Type: Subject NameID

  • Validate Signature: True

Step 2: Configure Your Identity Provider (IdP)

Use the information above to set up SSO in your IdP. Ensure that <your_domain> matches the domain of the users' email addresses. e.g., if the user logs in with user@yourdomain.com, <your_domain> should be yourdomain.com

Step 3: Provide Us With Your IdP Details

Once you have configured your IdP, provide us with the following details:

  • <your_domain>
  • The name of your IdP
  • Single Sign-On Service URL
  • Validating X509 Certificates

We will use this information to complete the configuration on our end.

OIDC Setup Instructions

To configure OIDC, follow these steps:

Step 1: Gather Required Information

You will need the following information to configure your IdP:

  • Redirect URI:
https://auth.darwinium.com/auth/realms/dwn-jump/broker/oidc/endpoint
  • Grant type: Authorization token AND refresh token
  • Application type: Web
  • Refresh token: Rotate after every use, 0 seconds grace
  • Client Authentication method: Client secret sent as post

Step 2: Configure Your Identity Provider (IdP)

Use the above information to set up OIDC in your IdP.

Step 3: Provide Us With Your IdP Details

Once you have configured your IdP, provide us with the following details:

  • <your_domain>
  • The name of your IdP
  • Authorization URL
  • Token URL
  • User Info URL
  • Client Authentication details

Ensure that <your_domain> matches the domain of the users' email addresses.
e.g., if the user logs in with user@yourdomain.com, <your_domain> should be yourdomain.com

Final Steps

After you provide the necessary details for either SAMLv2 or OIDC, we will complete the setup on our end.

Once this is done, a portal admin in your organization will need to create accounts for users in the Darwinium portal and configure them with the appropriate roles before they can log in.

Any previously existing portal accounts will be automatically switched over to SSO logins and will no longer be accessible by the original password login.